The generation and spread of computer viruses is a major problem in modern day computing. Generally, a computer virus is a program that is capable of attaching to other programs or sets of computer instructions, replicating itself, and performing unsolicited or malicious actions on a computer system. Generally, computer viruses are designed to spread by attaching to floppy disks or data transmissions between computer users, and are designed to do damage while remaining undetected. The damage done by computer viruses may range from mild interference with a program, such as the display of an unwanted political message in a dialog box, to the complete destruction of data on a user's hard drive. It is estimated that new viruses are created at a rate of over 100 per month.
A variety of programs have been developed to detect and destroy computer viruses. As is known in the art, a common method of detecting viruses is to use a virus scanning engine to scan for known computer viruses in executable files, application macro files, disk boot sectors, etc. Generally, computer viruses are comprised of binary sequences called “virus signatures.” Upon the detection or a virus signature by the virus scanning engine, a virus disinfection program may then be used to extract the harmful information from the infected code, thereby disinfecting that code. Common virus scanning software allows for boot-sector scanning upon system bootup, on-demand scanning at the explicit request of the user, and/or on-access scanning of a file when that file is accessed by the operating system or an application.
In order to detect computer viruses, a virus scanning engine is generally provided in conjunction with one or more files called “virus signature files”. The virus scanning engine scans a user's computer files via a serial comparison of each file against the virus signature files. Importantly, if the signature of a certain virus is not contained in any of the virus signature files, that virus will not be detected by the virus scanning engine.
Generally speaking, a recent trend is for manufacturers of antivirus applications to update their virus signature files as new viruses are discovered and as cures for these viruses are developed, and to make these updated signature files available to users on a periodic basis (e.g. monthly, quarterly, etc.). For example, an antivirus program manufacturer may post the update file on a bulletin board system, on an FTP (File Transfer Protocol) site, or on a World Wide Web site for downloading by users.
Updates to antivirus applications often must be developed and tested in short time cycles so that customers can be protected for new virus threats. Antivirus applications also must operate as part of an operating system, so the quality of antivirus applications must be high to prevent system failure.
As a result of the rapid nature of development of antivirus application updates, and the wide scale distribution via the Internet, current-testing procedures do not always ensure stability. Unfortunately, various problems can occur when antivirus applications or signature files are updated, i.e. system hangs, system crashes and false alarms (i.e. detecting viruses when no virus exists).